PT-2020-10915 · Suse · Yast2-Security

Johannes Segitz · Published 2020-01-24 · Updated 2024-06-15 · CVE-2019-3700

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

yast2-security versions prior to 4.2.6

Description

The issue arose from insecure default settings in yast2-security, which caused DES password encryption to be used for passwords created during a specific time frame. This made those passwords vulnerable to attackers who could access the password hashes. The problem began on 2019-10-07, when the configuration files that set the secure settings were moved to a different location, and it persisted until yast2-security switched to stronger defaults.

Recommendations

For versions prior to 4.2.6, update to version 4.2.6 or later to switch to stronger default settings and mitigate the risk of insecure password encryption.
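
A check for accounts still carrying a DES hash, added here as an example and not taken from the advisory or from yast2-security. It assumes shadow(5)-format input and the traditional 13-character DES crypt(3) output; the function name and the sample entries are constructed, and only the 2019-10-07 start date comes from the description above.

```python
import re
from datetime import date, timedelta

# Date from the advisory: the secure configuration files were moved on 2019-10-07.
WINDOW_START = date(2019, 10, 7)
# Traditional DES crypt(3) output: exactly 13 characters, no "$id$" prefix.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed sample in shadow(5) format; the hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhashvalue:18000:0:99999:7:::
alice:Xy9AbCdEfGhIj:18200:0:99999:7:::
bob:!Qr7StUvWxYz01:17000:0:99999:7:::
daemon:*:17900::::::
"""

def find_des_hashes(shadow_text):
    """Return (user, last_change, in_window) for every DES-hashed entry."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3:
            continue
        user, pw, lastchg = fields[0], fields[1], fields[2]
        # A locked account keeps its hash behind one or more leading "!".
        pw = pw.lstrip("!")
        if not DES_RE.fullmatch(pw):
            continue
        # Field 3 is the last password change in days since 1970-01-01.
        changed = None
        if lastchg.isdigit():
            changed = date(1970, 1, 1) + timedelta(days=int(lastchg))
        in_window = changed is not None and changed >= WINDOW_START
        findings.append((user, changed, in_window))
    return findings

if __name__ == "__main__":
    for user, changed, in_window in find_des_hashes(SAMPLE_SHADOW):
        note = "set on/after 2019-10-07" if in_window else "earlier or undated"
        print(f"{user}: DES hash, last change {changed}, {note}")
```

Updating the package changes the defaults for new passwords only; an entry flagged here keeps its DES hash until that account's password is changed.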

Fix

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2019-3700
OPENSUSE-SU-2024:11536-1

Affected Products

Yast2-Security